Network Segmentation

The processes and procedures that assure that the network structure matches the risk domains established within the infrastructure (e.g., externally facing servers are on a spearate segment than internal servers)

Cloud Controls Matrix (CCM) Data

Array

SA-11 | Security Architecture | Shared Networks

Control Specification +-

Access to systems with shared network infrastructure shall be restricted to authorized personnel in accordance with security policies, procedures and standards. Networks shared with external entities shall have a documented plan detailing the compensating controls used to separate network traffic between organizations.

Architectural Relevance +-

PhysicalNetworkComputeAppData
True True True True True

Corp Gov Relevance +-

Corp Gov Relevance
True

Cloud Service Delivery Model Applicability +-

SaaSPaaSIaaS
True True True

Supplier Relationship +-

Service ProviderTenant / Consumer
True True

Scope Applicability +-

COBIT 4.1HIPAA / HITECH ActISO/IEC 27001-2005

45 CFR 164.312 (a)(1)

A.10.8.1
A.11.1.1
A.11.6.2
A.11.4.6

NIST SP800-53 R3FedRAMP (Final 2012) Low ImpactFedRAMP (Final 2012) Moderate ImpactPCI DSS v2.0

PE-4
SC-4
SC-7

NIST SP 800-53 R3 PL-2
NIST SP 800-53 R3 SC-1
NIST SP 800-53 R3 SC-7

NIST SP 800-53 R3 PE-4
NIST SP 800-53 R3 PL-2
NIST SP 800-53 R3 SC-1
NIST SP 800-53 R3 SC-4
NIST SP 800-53 R3 SC-7
NIST SP 800-53 R3 SC-7 (1)
NIST SP 800-53 R3 SC-7 (2)
NIST SP 800-53 R3 SC-7 (3)
NIST SP 800-53 R3 SC-7 (4)
NIST SP 800-53 R3 SC-7 (5)
NIST SP 800-53 R3 SC-7 (7)
NIST SP 800-53 R3 SC-7 (8)
NIST SP 800-53 R3 SC-7 (12)
NIST SP 800-53 R3 SC-7 (13)
NIST SP 800-53 R3 SC-7 (18)

1.3.5
2.4

BITS Shared Assessments SIG v6.0BITS Shared Assessments SIG v5.0GAPP (Aug 2009)

D.1.1, E.1, F.1.1, H.1.1

B.1

8.2.5

Jericho ForumNERC CIP

Commandment #5
Commandment #6
Commandment #7
Commandment #9
Commandment #10
Commandment #11

CIP-004-3 R3 - R3.2

Array

Consensus Assessments Initiative Questionnaire (CAIQ) Data

Security Architecture (SA) | ID #SA-11.1

Is access to systems with shared network infrastructure restricted to authorized personnel in accordance with security policies, procedures and standards. Networks shared with externalentities shall have a documented plan detailing the compensating controls used to separate network traffic between organizations?

Compliance Mapping +-

COBITHIPAAISO27001SP800_53

45 CFR 164.312 (a)(1) (New)

A.10.8.1
A.11.1.1
A.11.6.2
A.11.4.6

NIST SP800-53 R3 PE-4
NIST SP800-53 R3 SC-4
NIST SP800-53 R3 SC-7

FedRAMPPCI_DSSBITSGAPP

PCI DSS v2.0 1.3.5 PCI DSS v2.0 2.4

AUP v5.0 B.1 SIG v6.0: D.1.1, E.1, F.1.1, H.1.1,

GAPP Ref 8.2.5

Model Applicability +-

SaaSPaaSIaaS
True True True

Scope Applicability +-

SPCUST
True True